Abstract
With the widespread use of Internet of Things and cloud computing in smart cities, various security and privacy challenges may be encountered.The most basic problem is authentication between each application, such as participating users, IoT devices, distributed servers, authentication centers, etc. In 2020, Kang et al. improved an authentication protocol for IoT-Enabled devices in a distributed cloud computing environment and its main purpose was in order to prevent counterfeiting attacks in Amin et al.’ protocol, which was published in 2018. However, We found that the Kang et al.’s protocol still has a fatal vulnerability, that is, it is attacked by offline password guessing, and malicious users can easily obtain the master key of the control server. In this article, we extend their work to design a lightweight pseudonym identity based authentication and key agreement protocol using smart card. For illustrating the security of our protocol, we used the security protocol analysis tools of AVISPA and Scyther to prove that the protocol can defend against various existing attacks. We will further analyze the interaction between participants authentication path to ensure security protection from simulated attacks detailedly. In addition, based on the comparison of security functions and computing performance, our protocol is superior to the other two related protocols. As a result, the enhanced protocol will be efficient and secure in distributed cloud computing architecture for smart city.
Highlights
In recent years, Internet of things (IoT) devices, such as sensor devices, RFID tags, actuators and smart objects, are increasingly being used in daily life to provide people with a convenient life
We found that the Kang et al.’s protocol still has a fatal vulnerability, that is, it is attacked by offline password guessing, and malicious users can obtain the master key of the control server
Many authentication protocols integrated with IoT and distributed cloud computing have been proposed for secure access control on large-scale IoT networks [5,6,7,8,9,10,11,12,13]
Summary
Internet of things (IoT) devices, such as sensor devices, RFID tags, actuators and smart objects, are increasingly being used in daily life to provide people with a convenient life. There should be a standard platform that can handle efficiently large amount of heterogeneity data and devices, as the data and devices are growing exponentially [1]. By studying a large number of authentication protocols [14], we further discover an off-line password guessing attack on Kang et al.’s protocol, that is, a malicious user can get the secret number of the master control server. This is a fatal vulnerability to the entire system. We extend upon their work by designing a lightweight dynamic pseudonym identity based authentication and key agreement protocol using a smartcard, which is proven to be efficient and secure
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: EURASIP Journal on Wireless Communications and Networking
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
